Skip to content
HN On Hacker News ↗

LastPass notifies users of yet another data breach

▲ 526 points 238 comments by mooreds 2w ago HN discussion ↗

Pangram verdict · v3.3

We believe that this document is fully human-written

6 %

AI likelihood · overall

Human
100% human-written 0% AI-generated
SEGMENTS · HUMAN 2 of 2
SEGMENTS · AI 0 of 2
WORD COUNT 374
PEAK AI % 6% · §2
Analyzed
Jun 25
backend: pangram/v3.3
Segments scanned
2 windows
avg 187 words each
Distribution
100 / 0%
human / AI fraction
Verdict
Human
Pangram v3.3

Article text · 374 words · 2 segments analyzed

Human AI-generated
§1 Human · 6%

LastPass users are once again being warned about stolen personal data, though this time the breach happened through one of the company’s outside partners. Here are the details.

LastPass says password vaults not affected

As reported by TechCrunch, LastPass is emailing users affected by a breach at market research firm Klue, which allowed hackers to access customer information and support case data.

The news came as LastPass shared more information on a blog post, where it explained:

The information accessed was limited to standard business contact information and related customer relationship management (CRM) data, including customer names, phone numbers, email addresses, and physical addresses, as well as support case data and sales-related data.

LastPass said that upon learning about the incident, the company revoked employee access to Klue, rotated the exposed API tokens, notified law enforcement, and launched “a detailed investigation into the scope of the event, working with our contacts at both Klue and Salesforce.”

The company explains that Klue’s platform integrates with Salesforce and Gong systems.

As a result, LastPass is recommending that customers “remain vigilant of potential phishing attacks or social engineering attempts” leveraging the compromised information. LastPass also shared the following IP addresses and email sender domains associated with the attackers, which companies can use to search for related activity in their systems:

IP Addresses:

138.226.246[.]94

94.154.32[.]160

159.183.215[.]61

159.183.181[.]239

Email Sender Domains:

baccarat.com[.]au

robinskitchen.com[.]au

house.com[.]au

This is the latest in a series of security incidents affecting LastPass. In 2015, hackers obtained account email addresses, password reminders, authentication hashes, and cryptographic salts, although LastPass said encrypted vault data was not accessed.

In 2022, an attacker compromised a developer account and stole source code and technical information.

§2 Human · 6%

The attacker later used that information to access cloud backups containing customer records and encrypted password vaults, along with unencrypted details such as names, billing addresses, email addresses, and phone numbers.

To learn more about the Klue breach and LastPass’s response, follow this link.

Worth checking out on Amazon

Geoffrey Cain – ‘Steve Jobs in Exile’

David Pogue – ’Apple: The First 50 Years’

MacBook Neo

Logitech MX Master 4

AirPods Pro 3

AirTag (2nd Generation) – 4 Pack

Apple Watch Series 11

Wireless CarPlay adapter

FTC: We use income earning auto affiliate links. More.